For the more privacy-conscious community, cloud services like Dropbox aren't particularly appealing. I understand though that support for alternative open-source, zero-knowledge platforms is an unrealistic request, as most users are fine using something like Dropbox and implementing integration with another cloud service would be a complicated, time intensive task.

One workaround that might be feasible though is giving users the option to protect their Scrivener projects with a password, not unlike Microsoft giving users the ability to password-protect individual Word documents, or Apple allowing you to quickly encrypt individual notes with a password - something that works in tandem with iCloud note sync (here's a quick iCloud security overview - https://support.apple.com/en-us/HT202303).

As the world as a whole becomes more and more privacy-conscious and encryption becomes more commonplace across a variety of different apps and services, I think this would be an awesome feature, and would make more privacy-conscious users feel much more at ease when uploading their Scrivener projects to Dropbox

Since .scriv files on the Mac are packages, password protecting them isn't really an effective security measure. Anyone with a little motivation and knowledge would just open the package and look at the RTF files inside without even opening Scrivener.

If you're concerned about the security or privacy or your .scriv files, you should look into encryption. You can either encrypt entire volumes (like a thumb drive) or encrypt file-by-file. There are many apps available on Mac and Windows for either solution.

Scrivener shouldn't be handling this. If you value your privacy enough to want password protection, you should value it enough to use software whose primary purpose is data security.

The other advantage of using outside software is that you could implement it today, and your work would be safe.

jeanRem wrote:I do not understand why this very simple function could not be implemented in Scrivener. This is upmost trivial.

No, it's actually not. You'd have to password protect an entire directory structure, not just an individual file, potentially including aliased research files located outside the project folder, plus all of Scrivener's own automatic backups. But you'd have to protect the individual files in that structure, too, otherwise backups taken by other software might include unprotected copies of the individual files. And the mechanism would have to be robust enough to work (again, for the entire folder structure) across multiple computers and platforms, while not impeding Scrivener's functionality or performance in any way.

popcornflix wrote:If you're concerned about the security or privacy or your .scriv files, you should look into encryption. You can either encrypt entire volumes (like a thumb drive) or encrypt file-by-file. There are many apps available on Mac and Windows for either solution.

Scrivener shouldn't be handling this. If you value your privacy enough to want password protection, you should value it enough to use software whose primary purpose is data security.

This. The "trivial" solution might make you feel more secure, but would only guard against equally trivial attempts to access your files.

If you have a privacy concern, rather than a true security concern -- for instance you don't want family members snooping around in your diary -- the best, easiest, and most immediate solution is to create a separate user account with a strong password that only you know.

Yes, Katherine and popcornflix have hit the nail on the head. We do get frequent requests to password-protect Scrivener projects, but it's not like password-protecting a single file such as a Word document, which can be encrypted. As Katherine and popcornflix point out, a Scrivener project is not a single file but a folder full of many files. That entire directory would need encrypting, and it would need decrypting on read. That is far from simple. Would each file be decrypted as it was needed? Or would an entire (possibly huge) project directory be encrypted and have to be decrypted as a whole on project open?

Adding password-protection so that no one can easily access a project by double-clicking it wouldn't be particularly difficult, but it would give a false sense of security, given that anyone with computer know-how could, as popcornflix says, get access to the data in your projects (and it would be no protection from Dropbox).

Note that Ulysses has the same problem - it provides a library of files, and although it provides basic password protection to keep work away from prying eyes, the Ulysses guys make it clear that this is not the same as encryption: https://ulyssesapp.com/kb/password-lock.

jeanRem wrote:I do not understand why this very simple function could not be implemented in Scrivener. This is upmost trivial.

No, it's actually not. You'd have to password protect an entire directory structure, not just an individual file, potentially including aliased research files located outside the project folder, plus all of Scrivener's own automatic backups. But you'd have to protect the individual files in that structure, too, otherwise backups taken by other software might include unprotected copies of the individual files. And the mechanism would have to be robust enough to work (again, for the entire folder structure) across multiple computers and platforms, while not impeding Scrivener's functionality or performance in any way.

Katherine

After reading this reply and all of the others, I think I understand now why password protecting Scrivener projects isn't as simple as I thought. I already use third party tools to encrypt my files before putting them in the cloud for backup purposes, but the issue is that doing this with .scriv files would break Scriveners ability to sync properly with Dropbox. Do you think there's a chance that other more privacy-conscious cloud platforms (or self-hosted platforms) besides Dropbox will be supported in the near-ish future? I would love to be able to use Scrivener on my iPad, but as it stands right now, I simply do not feel comfortable doing so. Dropbox isn't a very good option for cloud storage if you care about privacy. There are other cloud platforms, like Sync, that claim to function almost identically to Dropbox but in a zero knowledge way, and even iCloud seems to be more private than Dropbox.